[CONTP-1397] add admission controller probe configuration

[adel121]

What does this PR do?

Adds configuration for admission_controller.probe

Minimum Agent Versions

Are there minimum versions of the Datadog Agent and/or Cluster Agent required?

• Cluster Agent: v7.78.0

Describe your test plan

Deploy the operator and apply the following:

apiVersion: datadoghq.com/v2alpha1
kind: DatadogAgent
metadata:
  name: datadog
spec:
  features:
    admissionController:
      enabled: true
  override:
    nodeAgent:
      env:
        - name: DD_HOSTNAME
          valueFrom:
            fieldRef:
              fieldPath: spec.nodeName
    clusterAgent:
      replicas: 2

After the cluster agent is Running, check the output of agent status on the leader cluster agent replica, it should contain a section for the admission controller network probe with successful executions:

Connectivity Probe
------------------
Namespace: datadog-admission-probe-dryrun
Total Executions: 4
Success Rate: 25.0%
Last Execution: 2026-03-05T13:06:11Z (success)
Last Successful Probe: 2026-03-05T13:06:11Z

Or just check the output of agent config -a on the cluster agent and ensure that admission_controller.probe.enabled is true

Checklist

• PR has at least one valid label: bug, enhancement, refactoring, documentation, tooling, and/or dependencies
• PR has a milestone or the qa/skip-qa label
• All commits are signed (see: signing commits)

[adel121]

not sure why this changed

[adel121]

Not sure why these keep being added when running make build. They seem redundant, we already have '*' just above.

[codecov-commenter]

Codecov Report

❌ Patch coverage is 47.16981% with 28 lines in your changes missing coverage. Please review.
✅ Project coverage is 38.81%. Comparing base (8669701) to head (dca660a).

Files with missing lines	Patch %	Lines
pkg/testutils/builder.go	0.00%	14 Missing ⚠️
pkg/testutils/ddai_builder.go	0.00%	14 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2720      +/-   ##
==========================================
+ Coverage   38.80%   38.81%   +0.01%     
==========================================
  Files         309      309              
  Lines       26750    26803      +53     
==========================================
+ Hits        10379    10404      +25     
- Misses      15592    15620      +28     
  Partials      779      779              

Flag	Coverage Δ
unittests	38.81% <47.16%> (+0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
...atadogagent/feature/admissioncontroller/feature.go	68.87% <100.00%> (+2.80%)	⬆️
pkg/testutils/builder.go	0.00% <0.00%> (ø)
pkg/testutils/ddai_builder.go	0.00% <0.00%> (ø)

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 8669701...dca660a. Read the comment docs.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 53dfcbc913

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Propagate explicit probe disable to Cluster Agent

When features.admissionController.probe.enabled is set to false, this block skips writing DD_ADMISSION_CONTROLLER_PROBE_ENABLED entirely, so the user’s explicit disable is never propagated to the Cluster Agent. In clusters where the agent-side default is enabled (the API/docs describe probe default as true), the probe will remain active despite enabled: false; emit the enabled env var with the configured boolean value and only gate interval/grace-period env vars.

Useful? React with 👍 / 👎.

[tbavelier]

discussed offline, not worth the added complexity for something minor/harmless. LGTM